Rohan Roy
Dr. Johan Bodaski
RCL II
April 5 2023
Protecting Data Privacy Rights for Social Media Users in the United States
Introduction: Social media is now a part of many people’s lives in the United States, with over 308 million active daily users (Statista). However, even though many of the most popular social media services were created in the United States, the lack of a comprehensive data privacy law in the country has raised concerns over the safety of users’ personal information. While users are scrolling and consuming content, many of them don’t know what’s happening to their data on the back-end. Every like, comment, share, tap, scroll, and pause is stored in the user’s database and used for many reasons. In recent years, several high-profile data breaches and scandals involving social media companies have further highlighted the urgent need for data privacy protection. Many believe it is time for the governing bodies to take appropriate action to address this issue and protect the privacy of the citizens. The ongoing TikTok ban, the rise of AI technology, and European Union GDPR have made it evident that there is a need for comprehensive data privacy protection for social media users in the United States.
What currently happens with social media users and their data: Some may question whether social media companies are profitable given the services are mainly free to use. After a quick Google search, they can find out how profitable these companies are, and their main source of income comes indirectly from the users. When users sign up for an account on a social media service, the goal of the social media app is to unnoticeably track every movement that the user makes on the app. The app starts by using tracking technologies such as cookies and pixels to track user activity on the platform and across the web. Afterwards, the social media companies are able to use the data they collect from users to show targeted advertisements to individuals who are most likely to be interested in them. For the most part, this method of generating revenue for social media companies seems to be justifiable as they are providing a free service and using the data to provide a more targeted advertisement that has a higher likelihood of success. In fact, this method is quite similar to what has been occurring on television networks where the advertisements are similar to the type of show or movie on at the time.
The speculation rises, however, once the data is handed off to third-party companies. Most of the time, social media companies sell user data to data collection companies. This doesn’t seem to be a problem, yet those data collection companies are the ones that sell our data to the third-party services, which include scammers. There is a part of the internet that exists called the Dark Web, which consists of buyers and sellers of people’s data. Some people have never heard of it, yet the dark web consists of 85% of the Internet. The user data for an average social media account with about 1000 followers and likes sells for an average of $1-$10 on the dark web (Avira). The lack of a comprehensive data privacy law in the United States allows anybody to purchase users’ social media data and use it to their advantage.
Rise of AI: With the rise in the improvement of Artificial Intelligence, the likelihood of success for social media-based scams increases. The system is able to scan through a user’s followers and contacts, learn the voice of a close family member / friend, and use that voice to sound more convincing and sophisticated during a scam call. These scams can lead to identity theft and financial fraud, putting users’ personal information at risk. Unfortunately, in most of these scamming cases, the populations that have been at a greater risk of having their data misused are lower income individuals as they make up a greater percentage of social media users and other free services. Scenarios like these put social media users’ personal information at risk, creating a larger need for a comprehensive data privacy law that addresses these concerns and provides users with greater protection.
European Union GDPR: The European Union General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. The law applies to anybody that possesses data of European citizens or residents, even if they are not in the EU. In possession of data, one must abide by the seven protection and accountability principles. Processing the data must be done in a lawful, fair, and transparent manner. The data must be processed for the legitimate purposes specified explicitly to the data subject when one collected it. Only the required amount of data as absolutely necessary should be collected and processed for the purposes specified. Personal data must be kept accurately and up-to-date. Personally-identifying data can only be stored for as long as necessary for the specified purpose. Processing must be done in such a way as to ensure appropriate security, integrity, and confidentiality. Finally, the data controller is responsible for being able to demonstrate GDPR compliance with all of these principles (GDPR.eu).
Next, the fines for violating a GDPR law are very high. The GDPR has two tiers of penalties, less severe and more severe infringements, and the fines are quite high regardless. For a less severe infringement, the fine can be up to €10 million, or up to 2% of the firm’s worldwide annual revenue from the preceding financial year, whichever amount is higher. The less severe infringements include any violations of the articles governing controllers and processors, certification bodies, and monitoring bodies. The more serious infringements go against the basic principles of the GDPR, including the right to privacy and the right to be forgotten. More serious infringements have a fine that can be up to €20 million, or up to 4% of the firm’s worldwide annual revenue from the preceding financial year, whichever amount is higher. €10 million or €20 million may be a cost social media firms may be willing to risk in order to get a higher return by selling their data. However, when it comes to up to 4% of the firm’s worldwide annual revenue from the preceding financial year, that is what will make the large social media companies back out as 4% can come out to billions of euros.
Ongoing Potential TikTok Ban: TikTok, the app that took off over the pandemic and was exponentially expanding, is currently up for a potential ban in the United States. The ban was initially proposed by Congress due to concerns that TikTok was collecting and sharing user data with the Chinese government. India banned the app in January 2021 and hasn’t lifted it since; costing ByteDance one of its biggest markets. Additionally, TikTok is banned on government agencies and government-issued devices in the United States, Canada, the European Union, and more. The TikTok CEO, Shou Zi Chew, mentioned to Congress that the servers where user data is stored will be moved from China to Texas. Thus, only United States employees will have access to the data, eliminating any risk of transmitting data to the Chinese government. A key concern not being addressed in this case, however, is that TikTok will still be manipulating with user data. After this case is wrapped up, I believe there is a dire need for the United States to propose a bill similar to the European Union’s GDPR.
Proposed solution: In order to keep all parties happy and satisfied, a social media ban is not the best solution, but rather a comprehensive data privacy law that protects users’ personal information. The law should ensure that social media companies are transparent about their data collection and usage policies, and users have control over their personal information. On the same page, social media companies not making any money would also be unethical. In my opinion, social media companies need to take an approach where they are able to sell data, but the data needs to be much more secure once it leaves their servers. Currently, social media companies say that they sell user data to data collection companies. This doesn’t seem to be a problem, yet those data collection companies are the ones that sell our data to the third-party services, which include scammers. If a bill is proposed where social media companies are required to encrypt the data so that only trusted services are able to access user data, that will not only protect user data but will also keep them safe from scams. However, this scenario to occur is very unlikely as it will plummet the revenue for social media companies. Therefore, some sort of ethics needs to be tied into these companies. I believe that will only happen if something goes wrong, and, unfortunately, usually social media companies hit breaking news when there is a large data breach.
Another compromise I thought of that can help both the users along with the social media companies would be a subscription service. In today’s day and age, social media is a part of everyday life. Therefore, many of us use social media for hours daily. If we use it for so long, along with wanting to make sure our data is safe, social media companies can launch a subscription service that enables those subscribers to opt out of data collection services. I’m not sure what the best price would be, but perhaps starting off with $5 a month would help the social media companies become net even as they would get a subscription fee from the user every month instead of selling off their data. The only downside I see to this approach would be that the social media companies may lose users as more users would become aware of the companies selling their data. Thanks to Elon Musk introducing a subscription service on Twitter for users to have a verified blue check mark next to their name, Meta has launched subscription services on Facebook and Instagram for their users to do the same. Currently, both cost around $10 a month, so the companies could easily sneak that data-privacy protection feature into that subscription model.
*Conclusion will be placed here…
*More infographics will be placed throughout essay
Links:
https://www.statista.com/statistics/278409/number-of-social-network-users-in-the-united-states/
https://www.washingtonpost.com/technology/2023/03/05/ai-voice-scam/
Great work Roy! I think that a policy for this problem is imperative and you propose an interesting solution. I have no comments about what is written, but if you wanted to add a little more spice into the brief, I would include a real life example on how someone’s privacy was violated through social media, and how your policy could have prevented that.
Amazing job explaining what is currently happening with data rights and social media! Your title and heading fit well with your topic and the current policy’s problem is flushed out. If I were to comment on anything I would say that further explanation of the harms would help with your pathos about the consequences of our data being sold and how that could reflect in a real-life example.